Yesterday, July 7, the United Kingdom’s National Crime Agency (NCA) released their Cyber Crime Assessment report for 2016, where they outlined the most important threats to UK businesses such as cybercrime. This is the first cybercrime report produced jointly by the NCA and industry partners.
The report’s findings echo those we in Trend Micro have seen in the past, including the increased threats posed by Business Email Compromise (BEC) schemes, distributed denial of service (DDoS) attacks, data breaches, and ransomware. It highlights the need for collaboration between the industry and law enforcement (LE) globally in order to successfully combat cybercrime. As part of these collaboration efforts, Trend Micro and the NCA signed a Memorandum of Understanding (MOU) in July of 2015, leading to a successful arrest in November 2015.
The report notes how cybercrime has surpassed normal or traditional crime, in terms of impact. The UK’s Office of National Statistics included cybercrime for the first time in their 2015 annual Crime Survey of England and Wales. The survey estimated that there are 2.46 million cyber incidents and 2.11 million victims of cybercrime in the UK last year.
Computer misuse and computer enabled crime accounted for 53% of all crime in the UK in 2015, making it larger than all other kinds of crime.
Figure 1. Distribution of crime types in the UK last 2015
Source: Cyber Crime Assessment 2016, National Crime Agency
This was the number of estimated crimes that took place last year; however the number of crimes reported to UK law enforcement was significantly less, with a total of 716,000 cyber-enabled and -dependent crimes reported. We can see here the global trend where cybercrime is generally unreported in national crime statistics. As the NCA said in their press release, “This shortfall in reporting hampers the ability of law enforcement to understand the operating methods of cyber criminals and most effectively respond to the threat.”
Trend Micro actively encourages victims of cybercrime to report these crimes to their local law enforcement or national fraud reporting service, if one exists (such as ActionFraud in the UK). If your house was burglarized, of course you would report it. When an attacker uses malware, phishing, and other attacks to steal data from your computer or money from your accounts, why would things be any different? After all, it is essentially a burglary in your system.
All countries face the difficult task of fighting cybercrime. And while reporting a crime does not guarantee that local authorities will be able to apprehend the cybercriminals or attackers, at least it helps to show the scale of the problem. Doing so, also allows government agencies to properly allocate their resources to best help and protect their citizens against cybercrime.
Trend Micro strongly believes that collaboration between law enforcement and private organizations like security vendors can help reduce the risks that cybercrime pose to users and businesses. By simply reporting such crimes, all global citizens can take in the fight against cybercrime. Only then can we truly help to make the world safer for the exchange of digital information.